“Cyber-attackers compromised a small number of employee log-in credentials, allowing unauthorised access to eBay's corporate network,” said a company statement.

“The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information.”

The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.

The online retailer said that it will be asking eBay users to change their passwords. However, it said it has no evidence of the compromise resulting in unauthorised activity for eBay users, and no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats.

“Changing passwords is a best practice and will help enhance security for eBay users,” said the company statement.

“Working with law enforcement and leading security experts, we are aggressively investigating the matter and applying the best forensics tools and practices to protect customers.”